A whole range of Arcor, Asus and TP-Link routers are vulnerable to being reconfigured remotely without authorisation. On his blog, security researcher Bogdan Calin demonstrates that just displaying an email within the router's own network can have far-reaching consequences: when opened, his specially crafted test email reconfigures the wireless router so that it redirects the user's internet data traffic.
An attacker could exploit this to, for example, redirect unwitting users to a phishing site and harvest their details when they are trying to log into facebook.com.